Scientific Linux Fermi 6.9 i386/x86_64                May 1, 2017

---------------------------------------------------------------------------
Please send bug reports (not questions) to linux-users@listserv.fnal.gov

Also read the Upstream Vendor release notes . They are located at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Release_Notes/
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.9_Technical_Notes/
 

Also read the SL.releasenote for changes between SL and 
TUV(The Upstream Vendor).  They are located in sl-release-notes/ 

ITEMS marked with "*" indicate items changed since 6.8 .
----------------------------------------------------------------------------

This is based on the rebuilding of RPMS out of SRPMS's that form Scientific
Linux.  Please read this entire document before installing.  

Table of contents

	INSTALLATION INFO
  	ADDED compared to Scientific Linux 6.9
  	UPDATED compared to  Scientific Linux 6.9 
  	REMOVED compared to  Scientific Linux 6.9 
	Installer modifications
	/contrib 
	/docs
	/notsupported 
	MISC Notes
	HARDWARE SPECIFIC ISSUES
	SOFTWARE ISSUES/BUGS
	SUPPORT INFO
	vendor ERRATA

Each has a "---" line above and below it.
_____________________________________________________________________________
INSTALLATION INFO

NOTE replace "slf6.9" with slf6rolling for ALPHA and BETA releases
_____________________________________________________________________________
Installation Locations

Via NETWORK: 

 NOTE the http choice is done automatically for network install image 


  nfs:
	linux.fnal.gov:/export/linux/fermi/slf6.9/i386/os/
	linux.fnal.gov:/export/linux/fermi/slf6.9/x86_64/os/
  ftp:
  	linux.fnal.gov/linux/fermi/slf6.9/i386/os/
  	linux.fnal.gov/linux/fermi/slf6.9/x86_64/os/
  http:
  	linux1.fnal.gov/linux/fermi/slf6.9/i386/os/
  	linux1.fnal.gov/linux/fermi/slf6.9/x86_64/os/

VIA ISO

  DVD iso image:

  	ftp://linux1.fnal.gov/linux/fermi/slf6.9/i386/iso/
  	ftp://linux1.fnal.gov/linux/fermi/slf6.9/x86_64/iso/
 
		SLF-69-<ARCH>-2017-05-01-DVD1.iso  
		SLF-69-<ARCH>-2017-05-01-DVD2.iso

		SLF-69-<ARCH>-2017-05-01-DVD-DL.iso

network install via boot.iso 

  	ftp://linux1.fnal.gov/linux/fermi/slf6.9/i386/iso/
  	ftp://linux1.fnal.gov/linux/fermi/slf6.9/x86_64/iso/

		SLF-69-<ARCH>-2017-05-01-boot.iso

And our easy to remember location

	ftp://linux.fnal.gov/downloads/slf6.9/

When installing SLF 6.x as a Xen Paravirtualized Guest the installation
location is

   http://linux1.fnal.gov/linux/fermi/slf6x/<arch>/os/

-----------------------------------------------------------------------------
ADDED compared to Scientific Linux 6.9  i386/x86_64
-----------------------------------------------------------------------------
*slf-release-6.9-1

	Provide /etc/yum.repos.d/slf.repo .  This repo includes entries for
	slf , slf-updates and slf-source.  The repos slf and slf-updates
	are enabled by default. 


slf-bookmarks-6-1.slf6
 
 	Customized for SLF

*slf-release-notes

  	Places Fermi.releasenote in html format 
  	in /usr/share/doc/slf-release-notes-6.9/
 
alpine

	In release 

*cigetcert

*	cigetcert gets an X.509 certificate from a SAML 2.0 Service Provider
*       (SP) such as CILogon using the Enhanced Client and Proxy (ECP)
*       profile. Optionally it can also get a grid proxy certificate and/or
*       transfer the proxy to MyProxy.
*       It was developed for the Fermilab Distributed Computing Access 
*       with Federated Identities (DCAFI) project.

Clam Anti Virus

	Clam Anti-Virus.  Obtained from the EPEL repository and rebuilt from
 	src.rpm.  http://www.clamav.net

	clamav-0.99.1-1.el6.i686.rpm
	clamav-db-0.99.1-1.el6.i686.rpm
	clamav-devel-0.99.1-1.el6.i686.rpm
	clamav-milter-0.99.1-1.el6.i686.rpm
	clamav-unofficial-sigs-3.7.1-7.el6.noarch.rpm
	clamd-0.99.1-1.el6.i686.rpm
	clamsmtp-1.10-6.el6

drbd

	These packages have been removed from SLF since they are available
       in elrepo and atrpms with a preference to elrepo. 

		drbd83-utils-8.3.16-1.el6.i686.rpm
		kmod-drbd83-8.3.16-2.el6.i686.rpm

flpr
 	
 	Installed by default.  This does NOT require ups/upd.  
 	The flpr binary will reside in /usr/local/bin/ 
 
  		flpr

heartbeat

 	These packages have been removed from SLF since they are available in
        EPEL. 

        	heartbeat-3.0.4-1.el6
       		heartbeat-devel-3.0.4-1.el6
 		heartbeat-libs-3.0.4-1.el6
		libnet-1.1.5-1.el6
		libnet-devel-1.1.5-1.el6

openafs-thiscell-FNAL

	Defines FNAL.GOV for openafs.

pidgin-sipe
purple-sipe

	A pidgin plugin for Microsoft Chat protocols

Fermi Kerberos

	These rpms provide Fermi kerberos tools, configs, and expected
	behavior for SLF systems.

 	krb5-fermi-addons-1.5-1.slf6
  	krb5-fermi-base-2.2-2
        krb5-fermi-config-5.2-1
        krb5-fermi-krb5.conf-5.2-1
	krb5-fermi-getcert-2.1-1.slf6


 	Note that krb5-fermi-krb5.conf is not needed at FNAL,
 	the krb5-fermi-config-4.4-1 package does the same thing.
 	This package is intended for non SLF installs.

revtex

	tetex-natbib-8.31a-1.sl6.1.noarch.rpm
	tetex-revtex-4.1-1.sl6.1.noarch.rpm

	Added to simplify creating articles for publication

SLIP
   	Scientific Linux Inventory Project client
   
 	Added detection for matlab
 	Added support for proxy connections

 	 	ocsinventory-fermi formerly ocsinventory-client
 		ocsinventory-fermi-0.9.9-26.noarch.rpm

upsupdbootstrap
   
 	Not installed by default.

	There are only 2 rpms now.  upsupdbootstrap has been incorporated
	  into each of the rpms below .  Only can select 1.
	  The x86_64 install has a "requires" for the 32bit glibc as all
	  of ups/upd is 32bit.  This the 32bit glibc is installed during
  	  the install.  
  	  As always these rpms have NO functionality to OVERWRITE or UPGRADE
  	  a existing UPS/UPD install.  Use UPS/UPD to upgrade UPS/UPD.
  	A default x86_64 bit install does not install any 32 bit libraries
  	  These upsupdbootstrap* rpms have a dependency on glibc.i686 and
  	  compat-libtermcap to accomadate the library dependencies of
  	  all the ups/upd bootstrap installed packages.
          If other ups/upd packages are installed later then these need to
          be checked to make sure all 32 libraries are installed too.  Use
  	  "ldd" to help with this determination.
  
    		upsupdbootstrap-fnal-6.0-2
   			conflicts with upsupdbootstrap-local 
    			Installs ups/upd to /fnal/ups
      		upsupdbootstrap-local-6.0-2
    			conflicts with upsupdbootstrap-fnal
    			Installs ups/upd to /local/ups

yum-conf-slf6x-1-2.slf6
 
   	Will keep you at 6x which is the current stable 6x release.  So when
   	we release the next release yum will automatically yum install it
   	except for the kernel.  

yum-conf-fermi-internal
 
 	Adds the fermi-internal yum repository
	
		yum-conf-fermi-internal

yum-conf-fermi-other-6-6

	Provides slf-fastbugs, fermi-testing and slf-debuginfo 
	and slf-security-prerelease

         via /etc/yum.repos.d/slf-other.repo

	All of these repo's are disabled by default.

	Added slf-security-prerelease

yum-autoupdate-2-6.7.slf

   	yum-autoupdate has the nightly yum cron job in it.
  	The nightly cron job has been modified to check the addons directory.

zz_alpine_user_domain

	replaces zz_pine_user_domain
  
 	By default when a user sends mail from alpine their email address
  	is myname@mycomputer.fnal.gov.  This rpm changes it so that the
  	default is myname@fnal.gov by modifying the /etc/pine.conf config file.

zz_apache_no_browsable_directory

	Disables the default apache indexes.  By default directories
	will not be browsable.

zz_apache_use_clogger

	This package will reconfigure the default /etc/httpd/conf/httpd.conf
	to use clogger in addition to the traditional /var/log/httpd/ logging.

zz_auto_update_kernel
 
 	Remove the exclude of the kernel from the nightly autoyum thus
 	allowing the kernel to be upgraded via the nightly yum.  Note
 	that this does not check if you have custom kernel modules or
 	a custom kernel installed.  You have to ensure that this will
 	work in your environment.  You will have to reboot after the
 	kernel is upgraded.  The rpm does NOT reboot the system. Watch
 	root email for notification of all nightly auto yum updates.

zz_dhcp_resolv

	Removed compared to SL 5.x as not needed anymore.

zz_disable_avahi

	This will turn off and disable the avahi daemons
  	Now installed by default in both the "Fermi Desktop" and 
	"Fermi Server" install choices.

zz_enable_firewall_fnal-2.0-0

  	Not installed by default.  Available if needed.

  	Enables and populates /etc/sysconfig/iptables to allow incoming
  	network connections for fnal.gov only except for a small list
        of approved ports.  Installed by default if "Fermi Generic Desktop"
  	or "Fermi Generic Server" are selected. 

 	Changed "off site" open ports to be only sshd.

zz_fermi_ssh_config

	Provides fermi kerberized /etc/ssh/ssh_config file.

	Installed by default.  Triggered on installation of openssh-clients .
	The order of entries in the config file was also incorrect previously
	but /etc/ssh/ssh_config should be fixed after installing this package.
 	Tickets were not forwarding for unqualified hosts prior to this update.

zz_fermi_sshd_config-5.3-3.3
	
	Provides fermi kerberized /etc/ssh/sshd_config file.

	Installed by default.  Triggered on installation of openssh-server.


zz_gdm_doe_banner

 	Provides the Fermi DOE Banner on all GDM login windows.

        This should be installed on all on-site systems using GDM per DOE 
        policy.

	This is now installed by default on systems loading GDM

zz_gdm_no_user_list

  	Prevents GDM from displaying a list of valid users.  This sets
  	the same behavior as the default on previous versions of SLF.

	This is now installed by default on systems loading GDM

zz_lang_collate-1.0-7
 
 	Changes LANG so that sorting is done the same as 6.1 and
 	earlier.  (ABCabc instead of AaBbCc).
 	Can speed up programs that sort.

zz_local_dns_cache

	Updated to release that does not include 8.8.8.8 .

	This rpm will change your machine to use a local dns cache before
	looking for the standard dns servers.  Note, this rpm will install
	BIND, configure it, and start it.  Note, the BIND process is called
	'named'

	This rpm makes the following assumptions:
	- If this is a fresh install of the rpm, named will be started
	  and /etc/resolv.conf will be _replaced_ with the only nameserver
	  being '127.0.0.1'
	- If this rpm is updated, it will ensure 'nameserver 127.0.0.1' is in
	  /etc/resolv.conf
	- When removed, not upgraded, 131.225.0.254 and 8.8.8.8 are set instead
	  unless there is another nameserver already listed.
	- Behavior specific to referenced packages will be executed whenever
	   those packages are installed, updated, or removed.
	  They consist of: bind NetworkManager dhclient dnsmasq nscd
	-   On a bind update, bind will be restarted if it is running and 
	    chkconfig named is on
	-   On a bind update the 'stub' zones (the RFC1912 zones) will be reset.
	-   On a bind update, 'nameserver 127.0.0.1' will be added to
	    /etc/resolv.conf if not already listed and bind is running and 
	    chkconfig named is on.
	-   On a bind update, if nscd is running and chkconfig nscd is on, 
	    nscd will be restarted.
	-   On a NetworkManager installation or when zz_local_dns_cache is
	    installed for the first time, '127.0.0.1' will be configured as
	    the only DNS server for all interfaces whose configuration matches
	    /etc/sysconfig/network-scripts/ifcfg-* that are not 'ifcfg-lo'
	    When removed, and not upgraded, nameservers are set to
	    131.225.0.254 and 8.8.8.8 are set instead
	-   On a dhclient installation or when when zz_local_dns_cache is
	    installed for the first time, '127.0.0.1' is added the the dhcp
	    provided DNS server list.
	    When removed, not upgraded, this setting is removed.
	-   On a dnsmasq installation or when when zz_local_dns_cache is
	    installed for the first time, dnsmasq is disabled.
	-   On a dnsmasq installation or when when zz_local_dns_cache is
	    installed for the first time, dnsmasq is configured to query
	    127.0.0.1 if started with the defaul configuration file.
	    This feature was requested by people using libvirt/kvm.
	-   On a nscd installation or update, if nscd is running and also
	    chkconfig nscd is on, then nscd will be restarted.
	    If zz_local_dns_cache is removed an if nscd is running and also
	    chkconfig nscd is on, then nscd will be restarted.

	Now correctly preserves config values when updating
	certain configs
	
zz_logwatch_df

	Not needed anymore.

zz_ntp_configure-4.2.6-5.slf
   
  	Configure ntp for Fermi site network.

	Installed by default for "Desktop" and "Server" installs.

      	Startup script now pokes hole in the firewall for itself

   	One can manually change the script by editing the file 
   	  /etc/sysconfig/ntpd.fermi

 	Set default timeservers to 131.225.8.127 131.225.17.127

zz_screenlock_kde
   
   	Enables screen lock with "blanking" screen saver so power saving 
  	monitors will go into sleep mode.
        Ensures that the Timeout value is 10 minutes or less.
   	Installed by default with KDE .
  	Note that KDE is not the default desktop.

zz_sendmail_accept
zz_postfix_accept

	Replaces SL_sendmail_accept . 
	Enabled postfix or sendmail to receive email for non localhost
	network addresses.

zz_sendmail_fermi_gateway
zz_postfix_fermi_gateway
   
    	The zz_postfix_fermi_gateway rpm was fixed 
   	to change the RELAY parameter to be smtp.fnal.gov.

	zz_sendmail_fermi_gateway modified to be smtp.fnal.gov 
  	zz_sendmail_fermi_gateway fixed to restore old status correctly

zz_tcp_wrappers_change
  
  	Disable all offsite access to common network services.  Also
  	puts in the "DOE required login banners".  If it determines that
  	you have already modified /etc/hosts.allow or host.deny it leaves
  	them alone.
	Installed by default for "Desktop" and "Server" installs.
  	
zz_use_clogger
  
	Adds /etc/rsyslog.d/000-use-clogger.conf to log to clogger.fnal.gov
	Installed by default for "Desktop" and "Server" installs.
  
---------------------------------------------------------------------------
UPDATED compared to Scientific Linux 6  i386/x86_64 
----------------------------------------------------------------------------
pam_krb5
   
	pam_krb5 has NOT been updated to support cryptocards.  There
	is NO support for cryptocards in this release.

redhat-logos
  
  	Includes graphics from SL
 
  	This version of redhat-logo's has all of the generic changes
  	that were made with Scientific Linux as well as changes to make
  	it look like SLF.

 	Now provides sl-logos and slf-logos

yum-conf-adobe

        x86_64 support was added

        Added this metapackage which will install the 32 or 64 bit
 	repo depending on your system.

yum-conf-atrpms
yum-conf-elrepo
yum-conf-epel
yum-conf-rpmforge
yum-conf-rpmfusion

	Installs the repo files for these external repos.

	The repos remain disabled and a few packages have been masked
	to prevent their installation as they conflict with ones we provide.

 	Additionally yum-plugin-protectbase is installed to further prevent
 	installing these packages over SLF provided packages.  The documentation
 	for yum-plugin-protectbase provides further instructions on changing
 	this behavior.

 	End users are responsible to verify that they comply with all
        Licenses .
-----------------------------------------------------------------------------
REMOVED compared to Scientific Linux 6  i386/x86_64
-----------------------------------------------------------------------------

	revisor-mock
        sl-release
 	sl-release-notes
        sl-bookmarks

----------------------------------------------------------------------------
Installer modifications -- compared to SL 6
---------------------------------------------------------------------------
Anaconda (installer)

     Changes to "defaults" in the installer.

 	The timezone default is still America/Chicago but the
 	method of change has changed .  The new method changes
 	the default for all "lang=en_US.UTF-8" installs .  Note
 	that "lang=en_US.UTF-8" is the default.  Can change with
 	either kickstart or the install GUI .

 	Fixed the issue where slf6.x could not be installed as 
 	kvm guest.

	America/Chicago is default timezone.  Default was New York.

	Kerberos is enabled by default .

 	Default network boot.iso install is via http to the onsite 
	installation servers .

        Disk Partitioning layout default is "custom".

        The ipv4 vs ipv6 default was changed to ipv4.  ipv6 can still
        be selected if needed.

	We changed the default choice for "tasks" to be 
	"Fermi Generic Desktop"	and "Fermi Generic Server" .

	The boot.iso image installs the security errata by default.

  	The DVD iso images have the option to select that security errata
        are installed by default.

Compatibility NSS/NSPR libraries

	These are installed by default on systems selecting GUI desktops.
	These were added to simplify use of the onsite VPN


---------------------------------------------------------------------------
KNOWN LIMITATIONS/BUGS
---------------------------------------------------------------------------

"text" install only installs "core".  There is no X .   This is a VERY
VERY VERY limited install.  

If there is not "enough" memory the kdump "first boot" screen will pop up
a "error box".  This "error" looks "bad" but it is just informational.

During a network install there is a "screen" that displays the "installation"
repositories.  There is no need to disable any of these.  Please 
DO NOT disable any of these repos.

Note that updates are only between the same major version.  So in this case 
that is SLF 6 to SLF 6.  This is the same as TUV.  There are NO UPGRADES from
SLF 4 or 5 to SLF 6 , not even yum upgrades !!!! Don't try it it doesn't work.

If you enter a "hostname" during the install and you have selected "dhcp" the
"hostname" will be what is returned by the "hostname" command but this will NOT
set DHCP_HOSTNAME to this "hostname" as happened on SLF 5.  To enable 
dhcp hostname edit /etc/sysconfig/network-scripts/ifcfg-<name>.
Add DHCP_HOSTNAME=<dhcp host>. 

---------------------------------------------------------------------------
MISC NOTES
---------------------------------------------------------------------------

---------------------------------------------------------------------------
SUPPORT INFO
---------------------------------------------------------------------------
Scientific Linux Fermi web pages

	http://fermilinux.fnal.gov/

Fermi Linux Community support mailing list

  linux-users@fnal.gov

	Which is archived at 

	     http://listserv.fnal.gov/archives/linux-users.html

Scientific Linux web page

	http://www.scientificlinux.org	

------------------------------------------------------------------------------
SECURITY ERRATA RELEASED AFTER SLF6.x was released
------------------------------------------------------------------------------
Security errata will not be placed in the default install tree as has been 
done with prior releases of Scientific Linux Fermi.  They will only
reside in the updates/security/ directory.  

The boot.iso "network install iso" will install all available security 
errata during the install unless you disable the security repo during the 
install.  

The DVD images do NOT install security errata during the install by default
because the network is not available. If you enable the "Scientific Linux Fermi Security" repo on the "repo" screen then security errata will be installed
assuming the network is available.

You will have to do a "yum -y update" after the installation via DVD to 
install all the security errata if you did not enable the network and the 
"Scientific Linux Fermi Security" repo during the install.